diff --git a/src/vs/workbench/contrib/tasks/browser/abstractTaskService.ts b/src/vs/workbench/contrib/tasks/browser/abstractTaskService.ts index 5890d50f7398b3d4c01b06ae3bd2ae9b79e6cf62..65defb36e8aa9cef415d4bf2980360530f9b3095 100644 --- a/src/vs/workbench/contrib/tasks/browser/abstractTaskService.ts +++ b/src/vs/workbench/contrib/tasks/browser/abstractTaskService.ts @@ -80,6 +80,7 @@ import { isWorkspaceFolder, TaskQuickPickEntry, QUICKOPEN_DETAIL_CONFIG, TaskQui import { ILogService } from 'vs/platform/log/common/log'; import { once } from 'vs/base/common/functional'; import { ThemeIcon } from 'vs/platform/theme/common/themeService'; +import { ITrustedWorkspaceService } from 'vs/platform/workspace/common/trustedWorkspace'; const QUICKOPEN_HISTORY_LIMIT_CONFIG = 'task.quickOpen.history'; const PROBLEM_MATCHER_NEVER_CONFIG = 'task.problemMatchers.neverPrompt'; @@ -255,6 +256,7 @@ export abstract class AbstractTaskService extends Disposable implements ITaskSer @ITextModelService private readonly textModelResolverService: ITextModelService, @IPreferencesService private readonly preferencesService: IPreferencesService, @IViewDescriptorService private readonly viewDescriptorService: IViewDescriptorService, + @ITrustedWorkspaceService private readonly trustedWorkspaceService: ITrustedWorkspaceService, @ILogService private readonly logService: ILogService ) { super(); @@ -911,7 +913,7 @@ export abstract class AbstractTaskService extends Disposable implements ITaskSer }).then((value) => { if (runSource === TaskRunSource.User) { this.getWorkspaceTasks().then(workspaceTasks => { - RunAutomaticTasks.promptForPermission(this, this.storageService, this.notificationService, workspaceTasks); + RunAutomaticTasks.promptForPermission(this, this.storageService, this.notificationService, this.trustedWorkspaceService, workspaceTasks); }); } return value; diff --git a/src/vs/workbench/contrib/tasks/browser/runAutomaticTasks.ts b/src/vs/workbench/contrib/tasks/browser/runAutomaticTasks.ts index 40899ecaf613a90aa5e1ecf5f5445ec1791ba08b..02e390cdcbfc71081140a505a3640a67b1a97ef8 100644 --- a/src/vs/workbench/contrib/tasks/browser/runAutomaticTasks.ts +++ b/src/vs/workbench/contrib/tasks/browser/runAutomaticTasks.ts @@ -14,16 +14,19 @@ import { INotificationService, Severity } from 'vs/platform/notification/common/ import { IQuickPickItem, IQuickInputService } from 'vs/platform/quickinput/common/quickInput'; import { Action2 } from 'vs/platform/actions/common/actions'; import { ServicesAccessor } from 'vs/platform/instantiation/common/instantiation'; +import { ITrustedWorkspaceService, TrustState } from 'vs/platform/workspace/common/trustedWorkspace'; const ARE_AUTOMATIC_TASKS_ALLOWED_IN_WORKSPACE = 'tasks.run.allowAutomatic'; export class RunAutomaticTasks extends Disposable implements IWorkbenchContribution { constructor( @ITaskService private readonly taskService: ITaskService, - @IStorageService storageService: IStorageService) { + @IStorageService storageService: IStorageService, + @ITrustedWorkspaceService trustedWorkspaceService: ITrustedWorkspaceService) { super(); const isFolderAutomaticAllowed = storageService.getBoolean(ARE_AUTOMATIC_TASKS_ALLOWED_IN_WORKSPACE, StorageScope.WORKSPACE, undefined); - this.tryRunTasks(isFolderAutomaticAllowed); + const isTrustedWorkspace = trustedWorkspaceService.getWorkspaceTrustState() === TrustState.Trusted; + this.tryRunTasks(isFolderAutomaticAllowed && isTrustedWorkspace); } private tryRunTasks(isAllowed: boolean | undefined) { @@ -84,8 +87,13 @@ export class RunAutomaticTasks extends Disposable implements IWorkbenchContribut return { tasks, taskNames }; } - public static promptForPermission(taskService: ITaskService, storageService: IStorageService, notificationService: INotificationService, + public static async promptForPermission(taskService: ITaskService, storageService: IStorageService, notificationService: INotificationService, trustedWorkspaceService: ITrustedWorkspaceService, workspaceTaskResult: Map) { + const isTrustedWorkspace = await trustedWorkspaceService.requireWorkspaceTrust() === TrustState.Trusted; + if (!isTrustedWorkspace) { + return; + } + const isFolderAutomaticAllowed = storageService.getBoolean(ARE_AUTOMATIC_TASKS_ALLOWED_IN_WORKSPACE, StorageScope.WORKSPACE, undefined); if (isFolderAutomaticAllowed !== undefined) { return;